Google, China, Censorship and Hacking

I was out of the office yesterday and away from a computer, so I wasn't able to comment on what is undoubtedly the biggest computer security story so far this year: the news that Google was looking to stop censoring its search engine results in China, after discovering that someone in the country had tried to hack into the Gmail accounts of human rights activists.

There have been plenty of companies and organisations on the receiving end of targeted attacks in the past, what's different about this story is that Google took the highly unusual step of admitting that it had been on the receiving end of an attack, and point a very public finger at who they believed to be responsible.

So, what happened?

According to a Google statement, Google and at least 20 other large companies have been on the receiving end of a "highly sophisticated and targeted attack" originating from China. It wasn't just internet companies who were victims of the attacks, but also firms from the finance, technology, media and chemical sectors.

Google says that the attack resulted in the theft of some of its intellectual property, and claims that a primary purpose of the attack was to access the Gmail accounts of Chinese human rights activists. The attack has been dubbed "Operation Aurora" by computer security experts.

The search engine giant is at pains to point out that so far their investigation suggests that the attack was not successful in gaining full access to the accounts of human rights activists, and that only two Gmail accounts were partially accessed - revealing limited information such as the date the account was created, and the subject lines (rather than the message body) of emails.

According to a report in Wired, the intellectual property stolen by the hackers was not something that would be useful to gain a commercial advantage over Google, but could help third parties gain access to users' accounts.

As an aside, Google said that during its investigation it discovered that the Gmail accounts of dozens of supporters of improved Chinese human rights - based in the USA, Europe and China - have been routinely breached by hackers, presumably after their passwords were stolen through phishing and malware attacks. However, these breaches are said to have been independent of the central attack on Google.

In a post on its official blog, Google announced that as a result of the attacks, combined with the attempts to limit free speech over the last year, it was

"no longer willing to continue censoring [its] results on Google.cn"

and continued:

"over the next few weeks we will be discussing with the Chinese government the basis on which we could operate an unfiltered search engine within the law, if at all. We recognize that this may well mean having to shut down Google.cn, and potentially our offices in China."

Of course, when a company of the importance of Google makes a statement like this, it's hard for the US government not to take notice.

US Secretary of State Hillary Rodham Clinton issued a statement as she was having meetings with the Japanese Foreign Minister in Hawaii, calling on Beijing to explain the attacks.

If Google does choose to stop censoring the Chinese version of its search engine that's a move that will most likely win it much support from many corners of the internet. Whether the Chinese government allows it to go ahead with that plan is, of course, another question entirely.

There's probably still much more to learn about this story, and it will be fascinating to see if more details become available in the coming days and weeks.

About the author

Graham Cluley runs his own award-winning computer security blog at https://grahamcluley.com, and is a veteran of the anti-virus industry having worked for a number of security companies since the early 1990s. Now an independent security analyst, he regularly makes media appearances and gives computer security presentations. Follow him on Twitter at @gcluley